Vulnerabilities > CVE-2021-3345 - Out-of-bounds Write vulnerability in multiple products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

gnupg

oracle

CWE-787

NVD

Published: 2021-01-29

Updated: 2023-11-07

Summary

_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later.

Vulnerable Configurations

Part	Description	Count
Application	Gnupg Gnupg Libgcrypt 1.9.0	1
Application	Oracle Oracle Communications Billing AND Revenue Management 12.0.0.3.0	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html
https://gnupg.org
https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000455.html
https://bugs.gentoo.org/show_bug.cgi?id=767814
https://www.oracle.com//security-alerts/cpujul2021.html
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=512c0c75276949f13b6373b5c04f7065af750b08